Join Martin Guidry for an in-depth discussion in this video, Working with Measured Boot, part of Windows 10 Administration.
- In this section, we're going to talk about the Measured Boot technology in Windows 10. Measured Boot is a procedure of monitoring the boot process, the goal of which is to prove that the machine is in a trustworthy state. In other words, that nothing was manipulated during the boot process that could reduce the security of the computer. One of the biggest things logged by Measured Boot is which components were loaded before the Anti-Malware software.
The idea being that anything loaded after the Anti-Malware software will have been scanned and we can assume that it is trustworthy based on the quality of the Anti-Malware software. However, what about things that were loaded before the Anti-Malware software? Things loaded very early in the boot process. Measured Boot keeps a detailed log of these items so that they can be analyzed to check for viruses or other malware.
Those logs are stored in the Trusted Platform Module hardware or TPM. TPM is the same hardware that's necessary to use the BitLocker technology we talked about earlier. In this case, it's used to store the results of the Measured Boot audit. Once we've gone through a Measured Boot process, the computer can complete an Attestation period. In other words, it's going to have someone attest to its security.
The values from the Trusted Platform Module will be sent to a remote computer. That remote computer will evaluate the audit, and if it finds the computer was booted in a secure manner, it will respond with a Quote. And a Quote is a statement about the health of this computer. The Quote can then be presented to other computers, and those computers can decide to trust one another or not trust one another based on the results of the Quote. So by going through a Measured Boot process, then storing the audit of that Measured Boot process in a TPM module, then having the TPM data verified by a remote computer, we can generate a Quote, and that Quote is a statement of the health of our computer.
Martin first reviews the various editions of both the desktop and mobile versions of Windows 10. This section covers the special features included with the Enterprise edition, and the hardware requirements for some of the new Windows 10 features. Martin also explains installing and updating drivers and configuring and optimizing the OS, including system properties and power options. Then it's a deep dive into Group Policy, including working with local groups, configuring preferences, and troubleshooting Group Policy. Martin also looks at Windows security—authentication and encryption—as well as the boot process, and concludes the course with a brief look at virtualization, networking, and backup and recovery.
- Understanding the different versions of Windows 10
- Installing and updating drivers
- Administering multitasking
- Working with Windows Group Policy
- Adding domain users and accounts to a Windows 10 PC
- Administering BitLocker and EFS
- Understanding the boot process
- Installing Client Hyper-V for Windows virtualization
- Managing Windows Firewall
- Backing up and restoring Windows 10
- Troubleshooting Windows 10